7,089 research outputs found
Machine-Readable Privacy Certificates for Services
Privacy-aware processing of personal data on the web of services requires
managing a number of issues arising both from the technical and the legal
domain. Several approaches have been proposed to matching privacy requirements
(on the clients side) and privacy guarantees (on the service provider side).
Still, the assurance of effective data protection (when possible) relies on
substantial human effort and exposes organizations to significant
(non-)compliance risks. In this paper we put forward the idea that a privacy
certification scheme producing and managing machine-readable artifacts in the
form of privacy certificates can play an important role towards the solution of
this problem. Digital privacy certificates represent the reasons why a privacy
property holds for a service and describe the privacy measures supporting it.
Also, privacy certificates can be used to automatically select services whose
certificates match the client policies (privacy requirements).
Our proposal relies on an evolution of the conceptual model developed in the
Assert4Soa project and on a certificate format specifically tailored to
represent privacy properties. To validate our approach, we present a worked-out
instance showing how privacy property Retention-based unlinkability can be
certified for a banking financial service.Comment: 20 pages, 6 figure
A gap analysis of Internet-of-Things platforms
We are experiencing an abundance of Internet-of-Things (IoT) middleware
solutions that provide connectivity for sensors and actuators to the Internet.
To gain a widespread adoption, these middleware solutions, referred to as
platforms, have to meet the expectations of different players in the IoT
ecosystem, including device providers, application developers, and end-users,
among others. In this article, we evaluate a representative sample of these
platforms, both proprietary and open-source, on the basis of their ability to
meet the expectations of different IoT users. The evaluation is thus more
focused on how ready and usable these platforms are for IoT ecosystem players,
rather than on the peculiarities of the underlying technological layers. The
evaluation is carried out as a gap analysis of the current IoT landscape with
respect to (i) the support for heterogeneous sensing and actuating
technologies, (ii) the data ownership and its implications for security and
privacy, (iii) data processing and data sharing capabilities, (iv) the support
offered to application developers, (v) the completeness of an IoT ecosystem,
and (vi) the availability of dedicated IoT marketplaces. The gap analysis aims
to highlight the deficiencies of today's solutions to improve their integration
to tomorrow's ecosystems. In order to strengthen the finding of our analysis,
we conducted a survey among the partners of the Finnish IoT program, counting
over 350 experts, to evaluate the most critical issues for the development of
future IoT platforms. Based on the results of our analysis and our survey, we
conclude this article with a list of recommendations for extending these IoT
platforms in order to fill in the gaps.Comment: 15 pages, 4 figures, 3 tables, Accepted for publication in Computer
Communications, special issue on the Internet of Things: Research challenges
and solution
Link Before You Share: Managing Privacy Policies through Blockchain
With the advent of numerous online content providers, utilities and
applications, each with their own specific version of privacy policies and its
associated overhead, it is becoming increasingly difficult for concerned users
to manage and track the confidential information that they share with the
providers. Users consent to providers to gather and share their Personally
Identifiable Information (PII). We have developed a novel framework to
automatically track details about how a users' PII data is stored, used and
shared by the provider. We have integrated our Data Privacy ontology with the
properties of blockchain, to develop an automated access control and audit
mechanism that enforces users' data privacy policies when sharing their data
across third parties. We have also validated this framework by implementing a
working system LinkShare. In this paper, we describe our framework on detail
along with the LinkShare system. Our approach can be adopted by Big Data users
to automatically apply their privacy policy on data operations and track the
flow of that data across various stakeholders.Comment: 10 pages, 6 figures, Published in: 4th International Workshop on
Privacy and Security of Big Data (PSBD 2017) in conjunction with 2017 IEEE
International Conference on Big Data (IEEE BigData 2017) December 14, 2017,
Boston, MA, US
Health data in cloud environments
The process of provisioning healthcare involves massive healthcare data which exists in different forms on disparate data sources and in different formats. Consequently, health information systems encounter interoperability problems at many levels. Integrating these disparate systems requires the support at all levels of a very expensive infrastructures. Cloud computing dramatically reduces the expense and complexity of managing IT systems. Business customers do not need to invest in their own costly IT infrastructure, but can delegate and deploy their services effectively to Cloud vendors and service providers. It is inevitable that electronic health records (EHRs) and healthcare-related services will be deployed on cloud platforms to reduce the cost and complexity of handling and integrating medical records while improving efficiency and accuracy. The paper presents a review of EHR including definitions, EHR file formats, structures leading to the discussion of interoperability and security issues. The paper also presents challenges that have to be addressed for realizing Cloudbased healthcare systems: data protection and big health data management. Finally, the paper presents an active data model for housing and protecting EHRs in a Cloud environment
- …